Best Firewall For simple job + learning experience?

gline

Im looking to get a half-decent firewall for my net connection, moreso for the learning experience, have my connection on 24/7 also

I have a netscreen 5xp one at the moment but i dont like it at all, cant get it to work with my IBB connection

What would you suggest i get? nokia/cisco/symantec etc etc??? Just looking for something simple enough but that has a fair few features, like vpn etc and that costs about 200-300 second-hand and doesnt require a degree to set it up, but i dont want it to be too simple either as then i'l never learn :rolleyes:

What has your experience with different types of firewalls been?? What would you suggest?

i71jskz5xu42pb

gline wrote:

What would you suggest?

Buy and old PC, install http://www.smoothwall.org/

gline

PaschalNee wrote:

Buy and old PC, install http://www.smoothwall.org/

nah, im looking for an appliance, i dont want to go down that route

Sponge Bob

a Cisco Pix

gline

Sponge Bob wrote:

a Cisco Pix

how much they going for? what model is adaquete?

tech

you could buy a Sonicwall TZ 150 with a VPN CLient Licenses for €430 these are a great little firewall

www.sonicwallonline.co.uk

you can also buy whats called a secuity suite which scans for Virus, Spyware, Intrusion protection, Content filtering and E-mail filter for an extra €130 yearly payment

Max nodes on this is 10

gline

tech wrote:

you could buy a Sonicwall TZ 150 with a VPN CLient Licenses for €430 these are a great little firewall

www.sonicwallonline.co.uk

you can also buy whats called a secuity suite which scans for Virus, Spyware, Intrusion protection, Content filtering and E-mail filter for an extra €130 yearly payment

Max nodes on this is 10

yeh that sounds like the type im after, would they be the best in that price range?

Whats the deal with buying 2ndhand firewalls? do they have to have licenses and software with them?

liamo

gline wrote:

.....moreso for the learning experience, ....

.... something simple enough but that has a fair few features, like vpn etc and that costs about 200-300 second-hand and doesnt require a degree to set it up, but i dont want it to be too simple either as then i'l never learn

Hi,

I think you're coming at this from the wrong angle. If you want to learn, then I think you need to start here.

Learning how to configure an appliance will only teach you how to configure that appliance.

PaschalNee's suggestion of SmoothWall was a good one. Another one to try is MonoWall, which is my current favourite (having used SmoothWall and IPCop for a number of years).

I'd also like to confirm Tech's recommendation of SonicWall. A colleague of mine installs these into all his client sites and can't speak highly enough of them.

However, to directly answer your question, I have come across CyberGuard a few times and it seems to be quite good. It has IPSec and PPTP VPNs, QOS, and the usual Port Forwarding stuff. I think it retails at about €500 so a second-hand one should cost €200-€300.

Regards,

Liam

gline

liamo wrote:

Hi,

I think you're coming at this from the wrong angle. If you want to learn, then I think you need to start here.

Learning how to configure an appliance will only teach you how to configure that appliance.

PaschalNee's suggestion of SmoothWall was a good one. Another one to try is MonoWall, which is my current favourite (having used SmoothWall and IPCop for a number of years).

I'd also like to confirm Tech's recommendation of SonicWall. A colleague of mine installs these into all his client sites and can't speak highly enough of them.

However, to directly answer your question, I have come across CyberGuard a few times and it seems to be quite good. It has IPSec and PPTP VPNs, QOS, and the usual Port Forwarding stuff. I think it retails at about €500 so a second-hand one should cost €200-€300.

Regards,

Liam

thanks for the info
I just dont wan to go to the bother of building another pc and have that running (noisey and higher energy consumption) then having a small appliance,

tech

Yep Sonicwall Rock, I reckon must be one of the best/easyist to confiurge, The cisco Pix are meant to a total head ache of a job to configure but as alot of people say, Im off to Ebay to see If I can find one. there is no software but usually these would be register on the sonicwall site www.mysonicwall.com and f you bought one 2nd hand you would need the mysonicwall.com login details to transfer this into your name

Sponge Bob

tech wrote:

The cisco Pix are meant to a total head ache of a job to configure

Thats is correct but you want to learn...right ?

tech

also true

gline

Sponge Bob wrote:

Thats is correct but you want to learn...right ?

yeh, but there is no need to go straight to the deep end and get too frustrated with it
il start off small and work my way up

tech

is there any good way to get a static IP Address, Is anyone using Dymanic DNS ?? is this easy to setup what kind of router do I need?? is there software I need to install on my PC to keep the IP updated

liamo

gline wrote:

thanks for the info
I just dont wan to go to the bother of building another pc and have that running (noisey and higher energy consumption) then having a small appliance,

That's a perfectly good reason. In fact, it's the reason that I stopped using old PC's as my firewall - having used various PCs with SmoothWall and IPCop for a number of years.

An old 3Com Wireless router was installed for a while but it didn't have the functionality I needed.

What I did was get a Soekris Net4801 with a 1GB Flash Drive. I loaded up M0n0Wall and now I have a low-power, silent (no moving parts) firewall that does everything I want.

Is there any good way to get a static IP Address

I have a static IP. I phoned my ISP (Eircom) and they charged me a €60 once-off charge. To get it, however, I needed to be on the home-plus package (which I was) as opposed to the home-starter package.

Is anyone using Dymanic DNS ?? is this easy to setup what kind of router do I need?? is there software I need to install on my PC to keep the IP updated

I used no-ip.com for a number of years. It's straightforward to set up and costs $10 per annum. (That may have changed since I used it)
One of the advantages of SmoothWall and IPCop was that they had Dynamic DNS features built-in so they'd update your Dynamic DNS provider with your IP each time it changed. Additionally, the Dynamic DNS provider will supply utilities to run on your PC to update your DNS settings.


Regards,

Liam

gline

is it possible to put smoothwall or monowall on other devices?

would i be able to delete the screenOS off the netscreen firewall and stick on an open source firewall software???

liamo

is it possible to put smoothwall or monowall on other devices?

I wouldn't have thought so. They're designed to be installed on PCs.

would i be able to delete the screenOS off the netscreen firewall and stick on an open source firewall software???

I've never heard of a "Let's Hack NetScreen" project so I'd have to say "No", but I could be wrong.

Regards

Liam

ntlbell

I can't think of a firewall out there that after 10 minutes of playing with you won't be able to configure, but this is absoloutley pointless if you don't understand networking and the underliying concepts.

As liamo said you're better off with doing some reading, playing with something like OpenBSD and PF gives you a deeper understanding of what's going on(Under the hood), clicking around a web inteface won't teach you zip.

gline

ntlbell wrote:

I can't think of a firewall out there that after 10 minutes of playing with you won't be able to configure, but this is absoloutley pointless if you don't understand networking and the underliying concepts.

As liamo said you're better off with doing some reading, playing with something like OpenBSD and PF gives you a deeper understanding of what's going on(Under the hood), clicking around a web inteface won't teach you zip.

i was more thinking of congiuring through cli not web interface

IDMUD

Even though you don't want to use a software firewall i would recommend getting a mini-itx board with dual nics and putting some premade linux distro on it. Performance wise I had a 266 P2 route 18mbit of traffic with caching and filtering. The advantage is that since it's linux you can add modules as you like, QOS, caching, content filtering and such. Really fun to toy around with.

Kali

I'd keep at the Netscreen until you get it to work... its a pretty decent box you have there.. with unfortunaly a rather limited web interface.

The netscreen 5 does support PPPoE so there should be no reason why you can't get it running with your eircom broadband (hint: set your existing eircom adsl modem to bridge mode and set PPPoE details on the netscreen).

Sounds to me like you're unwilling to learn the basics yet want to be able to put "Netscreen & Cisco Firewall Experience" on your CV... dangerous waters.

gline

Kali wrote:

I'd keep at the Netscreen until you get it to work... its a pretty decent box you have there.. with unfortunaly a rather limited web interface.

The netscreen 5 does support PPPoE so there should be no reason why you can't get it running with your eircom broadband (hint: set your existing eircom adsl modem to bridge mode and set PPPoE details on the netscreen).

Sounds to me like you're unwilling to learn the basics yet want to be able to put "Netscreen & Cisco Firewall Experience" on your CV... dangerous waters.

it isnt eircom its IBB
And no, I do want to learn the basics first, hence I am doing a networking course in May, and I dont put anything down on my CV that I cant prove I know
I spent at least 2-3 full nights trying to configure it, so I came to the conclusion it isnt compatible with my connection, as I sent it back and got a replacement and it was the same with that , so it wasnt a faulty box, just couldnt get it working with my connection

Jaden

I've managed to get IpCop to run on a WRAP board with a CF card. Very low power consumption, and absolutely silent.

Tiny device too.